CVE-2023-7327

Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leading to disclosure of sensitive information.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Common Weakness Enumeration
References
https://ozeki-sms-gateway.com/
https://www.exploit-db.com/exploits/51646
https://www.vulncheck.com/advisories/ozeki-sms-gateway-unauthenticated-arbitrary-file-read